Earlier this week, Eustis Insurance Co. (Eustis) filed a third-party complaint against wholesale insurance broker, R-T Specialty, Inc. (R-T Specialty), after the broker allegedly failed to properly advise New Hotel Monteleone, Inc. (Hotel Monteleone) about its cybersecurity exposures and coverage that R-T Specialty was tasked to procure. The case represents another example of the exposure that might result from a failure to engage brokers and coverage counsel experienced in the risks to be insured. This potential is especially significant when it comes to cyber exposures, which are vastly different from the legacy exposures that brokers and insurers are accustomed to handling.
Hotel Monteleone experienced a cyberattack in 2013, which subjected the hotel to significant damages for fraud recovery and operational reimbursement. Following the attack, the hotel approached Eustis and requested a cyber insurance policy that would afford coverage for this type of loss going forward. Eustis had no expertise with cybersecurity issues, so it engaged R-T Specialty to assist. R-T Specialty touted itself as having expertise and specialized knowledge in the procurement of cyber insurance policies as well as an entire team devoted to cybercoverage.
R-T Specialty helped procure a cyber policy issued by Certain Underwriters at Lloyd’s, London (Lloyd’s), subscribing to Ascent Cyberpro (the Ascent Policy). The Ascent Policy purported to cover the types of exposure the hotel experienced following the 2013 cyberattack. The Ascent Policy contained general limits of $3 million, but coverage was limited significantly for amounts that constitute fines or penalties. Furthermore, at no time did R-T Specialty inform Eustis that fraud recovery and operation reimbursement might be considered to be a fine or penalty, or that amounts assessed for fraud recovery and operational reimbursement might be subject to the policy’s Payment Card Industry Fines or Penalties Endorsement and its $200,000 sublimit.
In October 2014, Hotel Monteleone again was the victim of a cyberattack, subjecting the hotel to fraud recovery and operational reimbursement exposures in excess of the Ascent Policy’s sublimit. In December 2015, Hotel Monteleone sued Eustis and Lloyd’s for full coverage under the Ascent Policy. The hotel now contends in the third-party complaint that, to the extent the Ascent Policy does not provide full coverage for the hotel’s loss, R-T Specialty should make up the difference. The case is New Hotel Monteleone, LLC v. Certain Underwriters at Lloyd’s of London, Subscribing to Ascent Cyberpro Policy No. ASC14C00944, No. 2:16-CV-00061-ILRL-JCW, pending in the Eastern District of Louisiana. Hunton & Williams LLP will update this blog as the case progresses.